Firewall traversal and authentication
The VCS Expressway allows only authenticated client systems to use it as a traversal server.
Upon receiving the initial connection request from the traversal client, the VCS Expressway asks the client
to authenticate itself by providing its authentication credentials. The VCS Expressway then looks up the
client’s credentials in its own authentication database. If a match is found, the VCS Expressway accepts the
request from the client.
The settings used for authentication depend on the type of traversal client:
Traversal client VCS Expressway traversal server
VCS Control (or VCS Expressway)
The VCS client provides its Username and
Password. These are set on the traversal client
zone by using Configuration > Zones > Zones >
Edit zone, in the Connection credentials
section.
The traversal server zone for the VCS client must be
configured with the client's authentication Username. This is
set on the VCS Expressway by using Configuration > Zones
> Zones > Edit zone, in the Connection credentials section.
There must also be an entry in the VCS Expressway’s
authentication database with the corresponding client
username and password.
Endpoint
The endpoint client provides its Authentication
ID and Authentication Password.
There must be an entry in the VCS Expressway’s
authentication database with the corresponding client
username and password.
Note that all VCS traversal clients must authenticate with the VCS Expressway, even if the VCS
Expressway is not using device authentication for endpoint clients.
Authentication and NTP
All VCS traversal clients that support H.323 must authenticate with the VCS Expressway. The
authentication process makes use of timestamps and requires that each system uses an accurate system
time. The system time on a VCS is provided by a remote NTP server. Therefore, for firewall traversal to
work, all systems involved must be configured with details of an NTP server.
Cisco VCS Administrator Guide (X8.1.1) Page 61 of 507
Firewall traversal
Firewall traversal and authentication
To Next Page
Loading...
